How SSH Works

In our previous article we talked about how SSL certificates work and how they are important authentication methods for indicating your connection to the site is secure. We also mentioned that it’s necessary to secure your connection to the server as well. SSH does exactly that.

SHH Secure Shell is a network protocol that ensures secure connections. SSH protects the data that flows between the client and the server. SSH is predominantly used for connections on public networks such as the internet.

SSH was developed to replace TelNet. TelNet was insecure as any credentials entered into the server for access were passed over the network in plain text and could be intercepted without encryption. SSH can be used to send data such as commands, text and files via SFTP (Secure File Transfer Protocol). It can be used worldwide and is also available on all major platforms such as Linux, Windows, Android, Routers, Switches, iPhones, Macs etc

SSH sits on the Application (7th) layer of the OSI model, along with SMTP, FTP etc. It connects from client applications and servers such as PuTTy and OpenSSh server. When a client connects to the server there needs to be a process that can check the connection is secure. SSH operates by connecting to a SSH server through the use of an IP Address, HostName, port number, username and password or RSA key pair.

SHH uses a couple methods of verification such as username and password. An increasingly more common and secure method for verification is exchange of cryptographic keys (RSA keys). RSA keys are more secure than a password because they can not be stolen, guessed or brute forced as they are unique, random and kept on the client individual machine as a known host.

When connecting an SSH server you are dropped into a secure shell. Once connected you can execute commands on the server such as software installs, running nano text editor, using apt-get for downloading programs or managing servers through Apache web server.

SSH does not require physical access to the machine and can simply connect to the server via the internet, which makes it a useful tool when connecting to servers from remote locations. However, one fault with SSH is that it’s not available from boot. This means, if something happened to your server during the boot process to stop SSH from launching, then you won’t be able to connect to the server and perform your tasks.

To stay secure, SSH uses multiple methods of data manipulation at various points during a transmission. These include Symmetrical encryption, Asymmetrical encryption and hashing.

Symmetrical encryption is the type of encryption where one key can be used to encrypt messages to and from the destination and also decrypt messages to and from the destination. This encryption scheme is also known as a shared secret encryption or a shared key encryption. This is used to encrypt the entire ssh connection and is for preventing man in the middle attacks from being able to read any data transmitted.

Asymmetrical encryption makes use of both public and private keys. The public key can be shared publicly whereas as the private key remains a secret. The data can be encrypted with the public key, but only the private key can decrypt the data. Asymmetrical encryption is used in a few places such as the exchange process used to set up the symmetrical encryption. It is also used as the key that can be used to SSH to a server without the use of a password.

Hashing is when you create a signature or summary of set of information. Hashing is one way and is impossible to decrypt, you can only brute force them or setup a collision which is also very difficult. Hashing is like making bread, once you have created the loaf from flour water and yeast, you can’t reverse the process and get the original ingredients. Encryption, however is like placing your ingredients in a safe, you can get back what you put in.

As you can see SSH uses a lot of secured handshaking, when you are connecting and executing commands over a network and to the server. This helps to keep any data that is transferred secure and unreadable to unauthorised people. Security should be a top priority for every business and SSH provides a secure connection that all business should be able to utilise.